-
Notifications
You must be signed in to change notification settings - Fork 228
[cetic/nifi] Custom port support for nifi processors like HandleHttp and ListenHttp #312
Comments
@tunaman @Subv @octopyth @drivard below is mine values file Number of nifi nodesreplicaCount: 3 Set default image, imageTag, and imagePullPolicy.ref: https://hub.docker.com/r/apache/nifi/image: Optionally specify an imagePullSecret.Secret must be manually created in the namespace.ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/pullSecret: myRegistrKeySecretNamesecurityContext: @param useHostNetwork - boolean - optionalBind ports on the hostNetwork. Useful for CNI networking where hostPort mightnot be supported. The ports need to be available on all hosts. It can beused for custom metrics instead of a service endpoint.WARNING: Make sure that hosts using this are properly firewalled otherwisemetrics and traces are accepted from any host able to connect to this host.sts: Parallel podManagementPolicy for faster bootstrap and teardown. Default is OrderedReady.podManagementPolicy: Parallel - ip: "1.2.3.4"hostnames:- example.com- examplestartupProbe: Useful if using any custom secretsPass in some secrets to use (if required)secrets:- name: myNifiSecretkeys:- key1- key2mountPath: /opt/nifi/secretUseful if using any custom configmapsPass in some configmaps to use (if required)configmaps:- name: myNifiConfkeys:- myconf.confmountPath: /opt/nifi/custom-configproperties: https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#nifi_sensitive_props_keysensitiveKey: changeMechangeMe # Must have at least 12 characters NiFi assumes conf/nifi.properties is persistent but this helm chartrecreates it every time. Setting the Sensitive Properties Key(nifi.sensitive.props.key) is supposed to happen at the same time/opt/nifi/data/flow.xml.gz sensitive properties are encrypted. If thatdoesn't happen then NiFi won't start because decryption fails.So if sensitiveKeySetFile is configured but doesn't exist, assume/opt/nifi/flow.xml.gz hasn't been encrypted and follow the procedurehttps://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#updating-the-sensitive-properties-keyto simultaneously encrypt it and set nifi.sensitive.props.key.sensitiveKeySetFile: /opt/nifi/data/sensitive-props-key-appliedIf sensitiveKey was already set, then pass in sensitiveKeyPrior with the old key.sensitiveKeyPrior: OldPasswordToChangeFromalgorithm: NIFI_PBKDF2_AES_GCM_256 use externalSecure for when inbound SSL is provided by nginx-ingress or other external mechanismexternalSecure: true use properties.safetyValve to pass explicit 'key: value' pairs that overwrite other configurationsafetyValve: Include aditional processorscustomLibPath: "/opt/configuration_resources/custom_lib"Include additional libraries in the Nifi containers by using the postStart handlerref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/postStart: /opt/nifi/psql; wget -P /opt/nifi/psql https://jdbc.postgresql.org/download/postgresql-42.2.6.jarNifi User Authenticationauth: If set while LDAP is enabled, this value will be used for the initial admin and not the ldap bind dn / adminadmin: CN=admin, OU=NIFI Automaticaly disabled if OIDC or LDAP enabledsingleUser: clientAuth: ldap: oidc: openldap: Expose the nifi service to be accessed from outside the cluster (LoadBalancer service).or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.ref: http://kubernetes.io/docs/user-guide/services/headless serviceheadless: ui serviceservice: nodePort: 30236annotations: {} timeoutSeconds: 10800Enables additional port/ports to nifi service for internal processorsprocessors: Configure containerPorts section with following attributes: name, containerport and protocol.containerPorts: #[]
Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/ingress: If you want to change the default path, see this issue #22Amount of memory to give the NiFi java heapjvmMemory: 2g Separate image for tailing each log separately and checking zookeeper connectivitysidecar: Enable persistence using Persistent Volume Claimsref: http://kubernetes.io/docs/user-guide/persistent-volumes/persistence: When creating persistent storage, the NiFi helm chart can either reference an already-definedstorage class by name, such as "standard" or can define a custom storage class by specifyingcustomStorageClass: true and providing the "storageClass", "storageProvisioner" and "storageType".For example, to use SSD storage on Google Compute Engine see values-gcp.yamlTo use a storage class that already exists on the Kubernetes cluster, we can simply reference it by name.For example:storageClass: standardThe default storage class is used if this variable is not set.accessModes: [ReadWriteOnce] Use subPath and have 1 persistent volume instead of 7 volumes - use when your k8s nodes have limited volume slots, to limit waste of space,or your available volume sizes are quite largeThe one disk will have a directory folder for each volumeMount, but this is hidden. Run 'mount' to view each mount.subPath: Storage Capacities for persistent volumes (these are ignored if using one volume with subPath)configStorage: Storage capacity for the 'data' directory, which is used to hold things such as the flow.xml.gz, configuration, state, etc.dataStorage: Storage capacity for the FlowFile repositoryflowfileRepoStorage: Storage capacity for the Content repositorycontentRepoStorage: Storage capacity for the Provenance repository. When changing this, one should also change the properties.provenanceStorage value above, also.provenanceRepoStorage: Storage capacity for nifi logslogStorage: Configure resource requests and limitsref: http://kubernetes.io/docs/user-guide/compute-resources/resources: {} We usually recommend not to specify default resources and to leave this as a consciouschoice for the user. This also increases chances charts run on environments with littleresources, such as Minikube. If you do want to specify resources, uncomment the followinglines, adjust them as necessary, and remove the curly braces after 'resources:'.limits:cpu: 100mmemory: 128Mirequests:cpu: 100mmemory: 128Milogresources: Enables setting your own affinity. Mutually exclusive with sts.AntiAffinityYou need to set the value of sts.AntiAffinity other than "soft" and "hard"affinity: {} nodeSelector: {} tolerations: [] initContainers: {} foo-init: # <- will be used as container nameimage: "busybox:1.30.1"imagePullPolicy: "IfNotPresent"command: ['sh', '-c', 'echo this is an initContainer']volumeMounts:- mountPath: /tmp/fooname: fooextraVolumeMounts: [] extraVolumes: [] Extra containersextraContainers: [] terminationGracePeriodSeconds: 30 Extra environment variables that will be pass onto deployment podsenv: [] Extra environment variables from secrets and config mapsenvFrom: [] Extra options to add to the bootstrap.conf fileextraOptions: [] envFrom:- configMapRef:name: config-name- secretRef:name: mysecretOpenshift supportUse the following varables in order to enable Route and Security Context Constraint creationopenshift: ca server detailsSetting this true would create a nifi-toolkit based ca serverThe ca server will be used to generate self-signed certificates required setting up secured clusterca: If true, enable the nifi-toolkit certificate authorityenabled: false cert-manager supportSetting this true will have cert-manager create a private CA for the clusteras well as the certificates for each cluster node.certManager: cert-manager takes care of rotating the node certificates, so defaulttheir lifetime to 90 days. But when the CA expires you may need to'helm delete' the cluster, delete all the node certificates and secrets,and then 'helm install' the NiFi cluster again. If a site-to-site trustedCA or a NiFi Registry CA certificate expires, you'll need to restart allpods to pick up the new version of the CA certificate. So default the CAlifetime to 10 years to avoid that happening very often.c.f. cert-manager/cert-manager#2478 (comment)certDuration: 2160h ------------------------------------------------------------------------------Zookeeper:------------------------------------------------------------------------------zookeeper: If true, install the Zookeeper chartref: https://github.com/bitnami/charts/blob/master/bitnami/zookeeper/values.yamlenabled: true If the Zookeeper Chart is disabled a URL and port are required to connecturl: "" ------------------------------------------------------------------------------Nifi registry:------------------------------------------------------------------------------registry: If true, install the Nifi registryenabled: false Add values for the nifi-registry hereref: https://github.com/dysnix/charts/blob/main/dysnix/nifi-registry/values.yamlConfigure metricsmetrics: |
This issue is stale because it has not seen recent activity. Remove stale label or comment or this will be closed. |
I have deployed 3 node cluster on AWS eks and exposing application using ingress controller.I have opened some additional ports on nifi pods and in nifi service also I have verified this within the cluster .custom ports are opened and I am able to use them in HandleHttp processor. But if I send data using ingress host on custom port .my ingress is rejecting the request giving me 502 error.
Is there any way I can access the UI on 8443 port and also use custom ports with same host?
Pls guide me here.
The text was updated successfully, but these errors were encountered: